VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base, Status: Incomplete, Likelihood: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 8 of 54
  • CVE-2026-7399 (High), Apr 30, 2026
    risk 0.53, cvss 8.1, epss 0.00

    Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

  • CVE-2026-41267 (High), Apr 23, 2026
    risk 0.53, cvss 8.1, epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed…

  • CVE-2026-40784 (High), Apr 15, 2026
    risk 0.53, cvss 8.1, epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentBoards: from n/a through <= 1.91.2.

  • CVE-2026-38532 (High), Apr 14, 2026
    risk 0.53, cvss 8.1, epss 0.00

    A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request.

  • CVE-2026-38530 (High), Apr 14, 2026
    risk 0.53, cvss 8.1, epss 0.00

    A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request.

  • CVE-2026-4896 (High), Apr 4, 2026
    risk 0.53, cvss 8.1, epss 0.00

    The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including `wcfm_modify_order_status`,…

  • CVE-2025-67298 (High), Mar 11, 2026
    risk 0.53, cvss 8.1, epss 0.00

    An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile

  • CVE-2025-8855 (High), Nov 14, 2025
    risk 0.53, cvss 8.1, epss 0.00

    Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate…

  • CVE-2023-35876 (High), Dec 20, 2023
    risk 0.53, cvss 8.1, epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1.

  • CVE-2023-37871 (High), Dec 20, 2023
    risk 0.53, cvss 8.2, epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6.

  • CVE-2023-0558 (High), Jan 27, 2023
    risk 0.53, cvss 8.2, epss 0.01

    The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an insecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by…

  • CVE-2026-55255 (Critical), Jun 19, 2026
    risk 0.52, cvss n/a, epss 0.00

    Summary: Insecure Direct Object Reference (IDOR) vulnerability in `/api/v1/responses` endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. Details: The vulnerability exists in the…

  • CVE-2026-55518 (Critical), Jun 17, 2026
    risk 0.52, cvss n/a, epss n/a

    Summary: A critical missing authorization flaw exists in Avo's association attach workflow. The UI and `GET /resources/:resource/:id/:related/new` path can check `attach_?`, but the actual write endpoint, `POST /resources/:resource/:id/:related`, does not run the…

  • CVE-2026-47407 (Critical), May 29, 2026
    risk 0.52, cvss n/a, epss 0.00

    Summary: The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/...` and protects them with a `require_workspace_member(workspace_id)` FastAPI dependency. The dependency only checks that the caller is a member of the workspace_id in the URL prefix. The…

  • CVE-2026-41947 (Critical), May 18, 2026
    risk 0.52, cvss 9.1, epss 0.00

    Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace…

  • CVE-2026-42889 (Critical), May 12, 2026
    risk 0.52, cvss 9.1, epss 0.00

    Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated…

  • CVE-2025-50849 (High), Jul 31, 2025
    risk 0.52, cvss 8.0, epss 0.00

    CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An…

  • CVE-2024-11318 (High), Nov 18, 2024
    risk 0.51, cvss 7.5, epss 0.01

    An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the…

  • CVE-2018-1000210 (High), Jul 13, 2018
    risk 0.51, cvss 7.8, epss 0.01

    YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability in the default behavior of Deserializer.Deserialize(), which will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);"…

  • CVE-2026-54361 (High), Jun 12, 2026
    risk 0.50, cvss n/a, epss 0.00

    MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers…